Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /dev/urandom | logger "issue"

From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Tue, 22 Aug 2000 15:34:55 +0200
Hi McLain!

The same is true for RH 6.2.
[11a@blue allied]$ ls -al `which logger`
-rwxr-xr-x   1 root     root         9528 Apr 17  1999 /usr/bin/logger

I suppose this is a "by design" problem, most likely kernel developers did
wish for any application to be able to log messages (notice that the
application isn't suid, applying a fix in /usr/bin/logger is
pretty much pointless on any setup with a compiler or wget)

I suspect that a complete fix isn't very easily created. I sugest the
following changes if possible:

1. the logging facilities add uid to log messages not created by the
   kernel itself. [see below, redhat seem to do this]

2. "binary" data should be translated such as performed by less.
   (actually, all logs should be read by less, not cat)


I am betting this has to do with bad permissions on my /var/log/messages,
though I am sure I've seen this on other machines. What do you guys think?


On redhat, only root can read/write to the log. Doesn't seem like the
problem is with the permissions. However, logger behaves slightly
differently:

Aug 22 15:27:44 blue bluefish: This is a test of logger...

With me being logged in as bluefish via ssh, "su - 11a". One would expect
username "11a" to be logged perhaps, but not that big a problem. My only
consern is weather or not this is a small workaround in logger, or if the
kernel actually logs username when logger and logger-alike applications
run.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
Previous By Date Next
Previous By Thread Next

Current thread: